Implicit web-browsing and ssl

L3 Networker

Implicit web-browsing and ssl

I've noticed that some App-IDs have web-browsing and ssl implicit to the application while others they are dependencies.


Is there a reason for this?

Are the App-IDs being updated to make these 2 applications implicit?


For instance, I'm setting up firewall policies for both teamviewer and Office 365.  There are many more but I'm using these two just as an example.  For both of these, ssl & web-browsing are dependencies.  I followed the Tips & Tricks article about making a custom service group with all the ports necessry for these applications and applying it to a policy for web-browsing and ssl but I still get the dependency warnings.  These are just annoying and having to explain to the client why they are there is a pain as well!  The only way to eliminate them is to add web-browsing and ssl to every security policy that has these as dependencies.


It seems like half the App-IDs now have web-browsing and ssl as requirements and I don't see this shrinking. 


So it really seems that something has to be done to alleviate this issue.


Anybody know if there is work to eliminate these spurious dependency warnings?



L7 Applicator

Re: Implicit web-browsing and ssl


There is an existing Feature Request to add the ability to supress these warnings, although I'm not sure what the exact FR number is off-hand. I would contact your SE and have them add your vote to the FR in question. 

You could include web-browsing and ssl in all of these rules, but that has some possible security implications that you might not want to encounter. Really the best answer to this is explaining to the client that it's just something that they'll have to live with for the moment; unless you can actually get away with adding the app-ids in these aren't going away anytime soon. 

L3 Networker

Re: Implicit web-browsing and ssl

I realize it's not actually a solution but it does provide a clear answer that I can work with.  It's a feature request and hopefully, some day, it'll be implemented.


Sorry for the pathetically late reply and thank you for the answer.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!